Conditional access system

ABSTRACT

A conditional access system in which entitlement control messages (ECMs) containing the encryption keys used to encrypt a program transmission, are sent to a set-top box over a secure communications channel separate from the channel used for transmission of the encrypted program.

FIELD OF THE INVENTION

The present invention relates generally to the field of broadcast andreception, particularly but not exclusively to a conditional accesssystem in a digital satellite television system. More particularly,aspects of the present invention relate to the transfer of entitlementcontrol messages in a channel separate from the broadcast channel.

BACKGROUND

Conditional access systems are well known and widely used in conjunctionwith currently available pay television systems. At present, suchsystems are based on the transmission of programmes scrambled withcontrol words which are received by subscribers having a set-top box anda smart card for each subscription package. The smart card for asubscription package from a particular service provider allows thescrambled programmes within the package to be descrambled and viewed.The broadcast stream further contains entitlement management messagesand entitlement control messages, which are necessary for the smart cardto descramble the broadcast. The terms scrambled and encrypted are usedinterchangeably in this application. WO 98/43426 discloses a digitalsatellite television system in which the entitlement management messagesare transmissible to the set-top box via a modem based back channel,rather than via the broadcast channel. This is done to speed up viewerauthorisation in viewing systems such as pay-per-view, since there is acertain time delay before the subscriber authorisation system (SAS) caninclude the proper entitlement management messages in the broadcaststream. However, the entitlement control messages which contain thecontrol word in an encrypted format are sent via the broadcast channel.The control word is decrypted at the set-top box by means of a smartcard.

SUMMARY OF THE INVENTION

According to the present invention, there is provided a conditionalaccess system comprising a first transmitter for transmitting ascrambled broadcast stream and a second transmitter for transmitting aplurality of control messages separate from the broadcast stream, saidcontrol messages including information for descrambling the broadcaststream.

The control messages may be sufficient on their own to allow thebroadcast stream to be descrambled.

By separating the broadcast and control message channels, the need for asmart card can be obviated, since the information for descrambling thebroadcast stream can be incorporated in said control messages withoutbeing encrypted. While the control messages can then be encrypted fortransmission over a secure link, for example over a virtual privatenetwork using a protocol such as the https secure sockets protocol, theunencrypted control words are recovered at the receiver side of thesecure link, so that the decoder does not require a smart card fordecryption. Advantageously, since the decoder is thereby provided withready to use decryption keys, the decoder can be made to be independentof any specialised conditional access system.

Additional security can be provided by encrypting the information fordescrambling the broadcast stream into the control messages, which givesrise to the need for a smart card, such as a virtual or software smartcard, at the decoder.

According to the invention, there is further provided a conditionalaccess system comprising a first receiver for receiving a scrambledbroadcast stream and a second receiver for receiving a plurality ofcontrol messages separate from the broadcast stream, the controlmessages including information for descrambling the broadcast stream.

The invention further provides a decoder for use in a conditional accesssystem for decrypting encrypted broadcast content, comprising a firstinput module for receiving said encrypted broadcast content from a firstcommunications channel and a second input module for receiving aplurality of control messages from a second communications channel, saidcontrol messages containing descrambling information for decrypting saidbroadcast content.

According to the invention, there is also provided a method for use in aconditional access system, in which a scrambled broadcast stream istransmitted to a decoder, said decoder being operable to receive aplurality of control messages including information for descrambling thebroadcast stream, the method comprising sending said control messages tosaid decoder separately from said broadcast stream.

The invention yet further provides a method for use in a conditionalaccess system, in which a scrambled broadcast stream is transmitted to afirst decoder and a second decoder, said first and second decoders beingoperable to receive a plurality of control messages includinginformation for descrambling the broadcast stream, the method comprisingreceiving a request to transmit a plurality of control messages to saidsecond decoder separately from the broadcast stream.

Roaming can thereby be facilitated. By denying a service to the firstdecoder while the control message stream is being sent to the seconddecoder, use of the service at the subscriber's home location can beprevented whilst roaming.

The first decoder does not need to have the ability to receive controlmessages separately and can be a conventional decoder.

According to the invention, there is additionally provided a conditionalaccess system, comprising a first communications channel for carrying abroadcast stream, said stream being scrambled with a stream of controlwords and a second communications channel separate from the firstchannel for carrying a stream of entitlement control messages, saidentitlement control messages incorporating information relating to thestream of control words for descrambling the broadcast stream.

The entitlement control messages can alone contain all of theinformation required to descramble the broadcast stream, so that thereis no need for other messages, such as entitlement management messages,to be transmitted. Furthermore, in this case, a decoder for descramblingthe broadcast stream does not require a smart card.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the invention will now be described, by way of example,with reference to the accompanying drawings, in which:

FIG. 1 is a schematic diagram of a conventional conditional accesssystem;

FIG. 2 is a schematic diagram illustrating the flow of encryptedinformation and control information in the system of FIG. 1;

FIG. 3 is a schematic diagram illustrating a conditional access systemaccording to the invention;

FIG. 4 is a flow diagram illustrating the operation of the system ofFIG. 3; and

FIG. 5 is a schematic diagram illustrating the flow of encryptedinformation and control information in the system of FIG. 3.

DETAILED DESCRIPTION

Referring to FIG. 1, in a conventional conditional access system,content to be broadcast, including for example, video, audio and datacomponents, is encoded in an encoder 1 using an appropriate codingsystem, for example MPEG-II for digital broadcasting. The encodedbroadcast stream is encrypted or scrambled in a scrambler 2 under thecontrol of a control word CW generated by a control word generator 3 ina manner which is well-known per se. The control word is encrypted intoan Entitlement Control Message (ECM) by an ECM generator 4 together withaccess criteria which identify the service and the conditions requiredto access the service. For example, the access criteria may specifyregional limitations on the broadcast. A further type of message,referred to as an Entitlement Management Message (EMM), which carriesdetails of the subscriber and his subscription is generated by an EMMgenerator 5. While an ECM message is associated with a scrambledprogramme or set of programmes and carries the information required todecrypt those programmes, an EMM message is a message dedicated to anindividual user or group of users and carries the information necessaryto determine whether those users have the necessary subscriptions inplace to be able to view the programmes.

The scrambled encoded broadcast stream together with the ECM and EMMmessages is multiplexed in a multiplexer 6 with other broadcast streamsrepresenting other programmes, together making up a subscription packagefrom a particular service provider. The package is sent to a transmitter7 from which it is transmitted, via a communications channel 8, forexample a satellite or cable channel, using an appropriate modulationscheme. The scrambled encoded broadcast stream is received at asubscriber's receiver 9, for example a satellite dish, and passed to thesubscriber's set-top box 10.

On receipt at a set-top box (STB) 10, the received data is demultiplexedin a demultiplexer 11, to extract the required programme and itsassociated ECM and EMM messages. The extracted ECM and EMM messages aresent to a plug-in smart card 12. The smart card 12 uses the ECM and EMMmessages to determine whether the subscriber has the right to view thebroadcast and if so, to decrypt the control word CW, which is input to adescrambler 13 together with the scrambled broadcast stream to recoverthe original MPEG-II encoded broadcast stream. The encoded stream ispassed to an MPEG-II decoder 14 which produces an output signalcomprising audio, video and data components for display on thesubscriber's television 15.

The control word comprises alternating odd and even control words whichare alternated at, for example, two second intervals. Each control wordis changed at predetermined intervals, for example, every twentyseconds. A continuous stream of ECM messages is therefore required todescramble the scrambled signal. The EMM message can be updated lessfrequently.

The conventional form of ECM and EMM messages is defined in theinternational standard ISO IEC 13818-1, the entire contents of which areincorporated herein by reference.

FIG. 2 illustrates the flow of signal data and the control word (CW)within the system of FIG. 1. On the transmitter side, the control wordCW is used to encrypt the unencrypted broadcast signal S in thescrambler 2 to generate an encrypted signal E(S). This is passed to themultiplexer 6 together with the encrypted control word E(CW) generatedby the encryption module 4. On the receiver side, the encrypted signalE(S) and encrypted control word E(CW) from the multiplexer 6 are fed tothe demultiplexer 11. This outputs the encrypted signal E(S) to thedescrambler 13 and the encrypted control word E(CW) to the smart carddecryption module 12. The smart card 12 contains the cryptographic keynecessary to decrypt the encrypted control word E(CW) to reproduce theoriginal control word CW. This is used in the descrambler 13 todescramble the encrypted signal E(S) to reproduce the original signal S.

FIG. 3 shows an embodiment of the invention which is a modification ofthe system of FIG. 1. In the conditional access system shown in FIG. 3,rather than sending the ECM messages along with the broadcast channel,the ECM messages are sent on a separate channel. Referring to FIGS. 3and 4, broadcast content is encoded using an MPEG-II encoder 1 (steps1). A control word is generated by a control word generator 3 (step s2)and the encoded broadcast stream is encrypted or scrambled in ascrambler 2 under the control of the control word CW (step s3). Thescrambled programme is multiplexed with a plurality of other programmes(step s4) in a multiplexer 6 and transmitted from a transmitter 7 viacommunications channel 8 to a receiver 9, together comprising, forexample, a satellite communications link (step s5). A demultiplexer 11extracts the required programme stream from the received signal (steps6), which is then sent to a set-top box 20, also referred to herein asa decoder (step s7). The decoder includes a descrambler 13 fordescrambling the scrambled broadcast signal under the control of acontrol word.

An ECM server 21 is used to generate an ECM message which incorporatesthe control word CW without encryption (step s8), together with theaccess criteria described with reference to FIG. 1. The subscriptioninformation which would conventionally be carried by an EMM message isincorporated into the ECM message. The ECM message is not multiplexedinto the broadcast stream, but is sent to a second transmitter 22, fromwhere it is transmitted by a second communications channel 23 to asecond receiver 24 (step s9). The ECM message is passed from the secondreceiver 24 to a processor 25 within the set-top box 20 (step s10). Theprocessor 25 checks that the subscription information in the ECM isvalid and extracts the control word CW from the ECM message (step s11).This is input to the descrambler 13 (step s12). The descrambler 13descrambles the broadcast stream using the control word (step s13). Thedescrambled encoded stream is passed to an MPEG-II decoder 14 whichproduces an output signal comprising audio, video and data components(step s14) which is sent for display on the subscriber's television 15(step s15).

The communications channel 23 in this embodiment comprises a virtualprivate network (VPN). In other embodiments of the invention, thecommunications channel 23 comprises a cellular telephone network such asa GSM, UMTS or GPRS network, a conventional PSTN point-to-pointtelephone connection, a DSL connection, a secure HTTPS socket connectionover the Internet, another IP based network, for example using streamingmedia, or a network based on a different protocol or any other form ofcommunications link over satellite, cable, by terrestrial transmissionor otherwise. In preferred embodiments of the invention, a secure linkis used to enhance the security of the transmitted control word.

In the event that the receiver 24 comprises a mobile telephone, this canbe linked to the set-top box by any suitable means, including forexample, a cable or infra-red connection.

While FIG. 3 shows the second receiver 24 as separate from the set-topbox 20, in an alternative embodiment, the second receiver 24 is locatedwithin the set-top box 20, as shown by the dotted line marked 26 in FIG.3. For example, the second receiver 24 provides a network connectionwhich permits the set-top box 20 to be plugged into an appropriatenetwork to provide the ECM message stream.

FIG. 5 illustrates the flow of signal data and the control word (CW)within the system of FIG. 3. On the transmitter side, the control wordCW is used to encrypt the unencrypted broadcast signal S in thescrambler 2 to generate an encrypted signal E(S). The encrypted signalE(S) is sent to the descrambler 13 on the receiver side, via themultiplexer 6 and demultiplexer 11. The control word CW is sentunencrypted to the transmitter 22 where it is encrypted for transmissionover a virtual private network 23. The control word CW is decrypted atthe receiver 24 and sent to the descrambler 13 in unencrypted form,where it is used to descramble the encrypted signal E(S) to reproducethe original signal S. A smart card containing decryption keys istherefore not required in the set-top box.

By transmitting the ECM on a separate channel from the broadcast stream,the ECM becomes individualised, i.e. it applies to an individualsubscriber or group of subscribers, so that a range of new servicesbecome available. A conditional access system according to the inventionenables a third party to assemble a package of channels from differentservice providers and distribute the package in a secure way byencrypting the package with its own control words and transmitting thecontrol words to each subscriber via a point-to-point connection.

The above example has been described with the control word beinginserted into the ECM message in unencrypted form and the ECM messagebeing encrypted for transmission over the secure channel. In analternative embodiment, a further level of encryption is applied byencrypting the control word CW into the ECM message, to increase thesecurity of the conditional access system, in which case a smart card isagain required in the set-top box. The smart card can be a softwaresmart card or a virtual smart card. Alternatively, a second ECM smartcard is provided as a travel smart card, so that if the first smart cardfor the set-top box is not in use, the second ECM smart card is used toallow point-to-point transmission of ECM messages, for example, in aroaming scenario as described below.

A conditional access system can be provided in which the possibility ofroaming exists in an analogous way to roaming in a GSM network. Asubscriber wishing to view a program using a set-top box arrangement ina different region from his home region requests authorisation from thatregion's service provider, using a travel smart card as described above.The service provider checks that a subscription arrangement existsbetween the subscriber and his home network and, if so, transmits thecontrol word stream required to decrypt the required program to thesubscriber over a point-to-point connection.

Once a subscriber has requested point-to-point transmission of ECMs tohis current location, the EMM information can be removed from the homeregion-based service by a subscriber authorisation system used by theservice provider. This temporarily denies access to services at thesubscriber's home location.

The subscriber's home region-based decoder can be a conventional decoderreceiving ECMs transmitted with the broadcast stream. The decoder usedat the roaming location is a decoder according to the invention,equipped to receive an ECM stream point-to-point. Two sets of ECMs aretherefore being transmitted, the first multiplexed with the broadcaststream enabling viewing by the conventional decoder and the second ECMstream being transmitted over a separate channel from the broadcaststream to enable a decoder according to the invention to view theprogramme.

To reduce the required number and calculation of ECM messages forindividual subscribers, the personalised ECM messages can be sent togroups of subscribers, the size of the group depending on the level ofsecurity required. A further way of reducing calculation needs is tosend ECM messages for one channel only, rather than for every channel,since only the control words for the channel actually being watched needto be transferred.

The embodiments described above envisage the contents of the EMMmessages being subsumed into the ECM messages. Of course, if it isdesired to maintain the separation of the information, for examplebecause EMM messages need to be sent much less frequently than ECMmessages, then EMM messages can continue to be sent, either incorporatedin the broadcast stream, or via a separate channel, as explained forexample in WO 98/43426, which is incorporated herein by reference. Forexample, to block use of the home decoder in the event that the roamingfacility is used, EMM messages sent to the first decoder can indicatethat subscription rights are not available while the roaming facility isin use. If the information that would conventionally be carried by anEMM message is not needed in a particular scenario, EMM messages neednot be sent at all.

1. A method comprising: receiving, at a second service provider, a userrequest for transmission of control messages to a decoder over a roamingnetwork in a second region, wherein the control messages are configuredto descramble a program included in a scrambled broadcast streambroadcast by the second service provider over the roaming network; inresponse to the request, checking whether a subscription arrangementexists between a user associated with the user request and a firstservice provider configured to broadcast over a home network in a firstregion different from the second region, wherein the subscriptionarrangement enables roaming; and if the subscription arrangement exists,transmitting the control messages from the second service provider tothe second decoder.
 2. A method according to claim 1, wherein saidcontrol messages are alone sufficient to descramble said secondbroadcast stream.
 3. A method according to claim 1, wherein the firstdecoder is arranged to receive the control messages with the firstbroadcast stream and the second decoder is arranged to receive thecontrol messages separate from the second broadcast stream.
 4. A methodaccording to claim 1, wherein the first decoder is associated with afirst smart card, and a user uses a second smart card to request accessto the second broadcast stream at the second decoder.
 5. A methodcomprising: transmitting a second scrambled broadcast stream from asecond service provider in a second region to a second decoder andtransmitting a first scrambled broadcast stream to a first decoder froma first service provider in a first region different from the secondregion, wherein said first and second decoders are configured to receivecontrol messages including information for descrambling the first andsecond scrambled broadcast streams; receiving, at the second serviceprovider, a user request for accessing the second scrambled broadcaststream at the second decoder; checking whether a user associated withthe user request is authorized to access the second scrambled broadcaststream by checking that a subscription arrangement exists between theuser and the first service provider; in the event the user is authorizedto access the second broadcast stream, transmitting the control messagesfrom the second service provider to said second decoder; and denying aservice to the first decoder while the control messages are being sentto the second decoder.
 6. A method according to claim 5, wherein thecontrol messages comprise entitlement control messages, and the firstdecoder further receives entitlement management messages for providingsubscription information, wherein denying a service to the first decodercomprises removing the entitlement management messages.
 7. A methodaccording to claim 5, wherein the control messages comprise entitlementcontrol messages, and the first decoder further receives entitlementmanagement messages for providing subscription information, whereindenying a service to the first decoder comprises sending entitlementmanagement messages that indicate that subscription rights are notavailable in the first region while the user is roaming to the secondregion.
 8. An apparatus comprising: a subscription authorization moduleconfigured to enable a second service provider to check if a user isauthorized to access a second scrambled broadcast stream at a seconddecoder, wherein the check is performed in response to a request, fromthe user, for transmission of control messages to the second decoder,wherein the control messages are configured to descramble a programincluded in the second scrambled broadcast stream, wherein the secondscrambled broadcast stream is configured for transmission from thesecond service provider to the second decoder over a roaming network ina second region, wherein the second service provider is different from afirst service provider configured to transmit a first scrambledbroadcast stream carrying the program to a first decoder over a homenetwork in a first region different from the second region; and atransmitter for transmitting the control messages to the second decoderif access is authorized, wherein the first and second decoder areoperable to receive the control messages including information fordescrambling the first and second scrambled broadcast streams, andwherein the subscription authorization module is configured to checkthat a subscription arrangement enabling roaming exists between the userand the first service provider to determine whether the user isauthorized to access the second scrambled broadcast stream at the seconddecoder.
 9. An apparatus according to claim 8, wherein the first decoderis associated with a first smart card and the subscription authorizationmodule is arranged to receive a request from a second smart card at thesecond decoder.
 10. An apparatus according to claim 9, wherein the firstsmart card is a software smart card.
 11. An apparatus according to claim9, wherein the first smart card is a virtual smart card.
 12. Anapparatus according to claim 9, wherein the second smart card is asoftware smart card.
 13. An apparatus according to claim 9, wherein thesecond smart card is a virtual smart card.
 14. An apparatus comprising:a subscription authorization module configured to enable a secondservice provider to check if a user is authorized to access a secondscrambled broadcast stream at a second decoder, wherein the check isperformed in response to a request, from the user, for transmission ofcontrol messages to the second decoder, wherein the control messages areconfigured to descramble a program included in the second scrambledbroadcast stream, wherein the second scrambled broadcast stream isconfigured for transmission from the second service provider to thesecond decoder over a roaming network in a second region, wherein thesecond service provider is different from a first service providerconfigured to transmit a first scrambled broadcast stream carrying theprogram to a first decoder over a home network in a first regiondifferent from the second region; a transmitter for transmitting thecontrol messages to the second decoder if access is authorized; and anaccess prevention module configured to prevent the first decoder fromaccessing the first scrambled broadcast stream when the control messagesare transmitted to the second broadcast stream, wherein the subscriptionauthorization module is operable to check that a subscriptionarrangement enabling roaming exists between the user and the firstservice provider to determine whether the user is authorized to accessthe second scrambled broadcast stream at the second decoder.
 15. Anapparatus according to claim 14, wherein the access prevention modulecomprises means for removing subscription rights of the user throughentitlement control messages sent to the first decoder.
 16. An apparatusaccording to claim 14, wherein the access prevention module comprisesmeans for removing the entitlement control messages sent to the firstdecoder.